🕶️ Add HumanIDv1 blinding commitments

Author: KimlikDAO-bot

mina/examples/Airdrop.test.ts

@@ -1,14 +1,13 @@
 import {
   AccountUpdate,
-  Bool,
   Field,
   MerkleTree,
   Mina,
   PrivateKey,
-  Signature,
   UInt64
 } from "o1js";
-import { HumanIDWitness, Signatures, authenticate } from "../humanIDv1";
+import { HumanIDWitness } from "../humanIDv1";
+import { signHumanIDv1, truncateHumanIDv1 } from "../humanIDv1.test";
 import { Airdrop } from "./Airdrop";
 
 describe('Example Airdrop zkApp', () => {
@@ -18,26 +17,6 @@ describe('Example Airdrop zkApp', () => {
   const sender = senderKey.toPublicKey();
   const appKey = PrivateKey.random();
   const appAddr = appKey.toPublicKey();
-  const id1 = Field(1);
-  const id2 = Field(2);
-  const privKey1 = PrivateKey.fromBigInt(1n);
-  const privKey2 = PrivateKey.fromBigInt(2n);
-  const privKey3 = PrivateKey.fromBigInt(3n);
-  const sigs = new Signatures({
-    sig1: Signature.create(privKey1, [Field(100), sender.x.add(sender.isOdd.toField())]),
-    sig2: Signature.create(privKey2, [Field(100), sender.x.add(sender.isOdd.toField())]),
-    sig3: Signature.create(privKey3, [Field(100), sender.x.add(sender.isOdd.toField())])
-  });
-  const sigs1 = new Signatures({
-    sig1: Signature.create(privKey1, [id1, sender.x.add(sender.isOdd.toField())]),
-    sig2: Signature.create(privKey2, [id1, sender.x.add(sender.isOdd.toField())]),
-    sig3: Signature.create(privKey3, [id1, sender.x.add(sender.isOdd.toField())])
-  });
-  const sigs2 = new Signatures({
-    sig1: Signature.create(privKey1, [id2, sender.x.add(sender.isOdd.toField())]),
-    sig2: Signature.create(privKey2, [id2, sender.x.add(sender.isOdd.toField())]),
-    sig3: Signature.create(privKey3, [id2, sender.x.add(sender.isOdd.toField())])
-  });
   let tree: MerkleTree;
   let app: Airdrop;
 
@@ -52,6 +31,13 @@ describe('Example Airdrop zkApp', () => {
       local.addAccount(sender, "100000000000");
     }));
 
+  const getWitnessAndInsert = (humanIDv1Key: bigint) => {
+    const truncated = truncateHumanIDv1(humanIDv1Key);
+    const witness = new HumanIDWitness(tree.getWitness(truncated));
+    tree.setLeaf(truncated, Field(1));
+    return witness;
+  }
+
   const fundZkApp = () => Mina.transaction(sender, async () => {
     let senderUpdate = AccountUpdate.create(sender);
     senderUpdate.requireSignature();
@@ -65,11 +51,6 @@ describe('Example Airdrop zkApp', () => {
   }).then((txn) => txn.prove())
     .then((txn) => txn.sign([deployerKey, appKey]).send())
 
-  it('should verify signatures', () => {
-    authenticate(id1, sigs1, sender);
-    authenticate(id2, sigs2, sender);
-  })
-
   it('should deploy the app and fund it', async () => {
     await deploy();
     await fundZkApp();
@@ -81,7 +62,7 @@ describe('Example Airdrop zkApp', () => {
     await fundZkApp()
 
     await Mina.transaction(sender, () => {
-      return app.claimReward(Field(100), sigs, new HumanIDWitness(tree.getWitness(100n)));
+      return app.claimReward(...signHumanIDv1(100n, sender), getWitnessAndInsert(100n));
     }).then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send());
   });
@@ -91,31 +72,17 @@ describe('Example Airdrop zkApp', () => {
     await fundZkApp();
 
     const id1 = 123123123123123123123123123123n;
-    const truncatedId1 = id1 & 0xFFFFFFFFn;
-    const sigsTest1 = new Signatures({
-      sig1: Signature.create(privKey1, [Field(id1), sender.x.add(sender.isOdd.toField())]),
-      sig2: Signature.create(privKey2, [Field(id1), sender.x.add(sender.isOdd.toField())]),
-      sig3: Signature.create(privKey3, [Field(id1), sender.x.add(sender.isOdd.toField())])
-    });
     await Mina.transaction(
       sender,
-      () => app.claimReward(Field(id1), sigsTest1, new HumanIDWitness(tree.getWitness(truncatedId1)))
+      () => app.claimReward(...signHumanIDv1(id1, sender), getWitnessAndInsert(id1))
     )
       .then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send());
 
-    tree.setLeaf(truncatedId1, Field(1));
-
     const id2 = 123123123123123123123123123124n;
-    const truncatedId2 = id2 & 0xFFFFFFFFn;
-    const sigsTest2 = new Signatures({
-      sig1: Signature.create(privKey1, [Field(id2), sender.x.add(sender.isOdd.toField())]),
-      sig2: Signature.create(privKey2, [Field(id2), sender.x.add(sender.isOdd.toField())]),
-      sig3: Signature.create(privKey3, [Field(id2), sender.x.add(sender.isOdd.toField())])
-    });
     await Mina.transaction(
       sender,
-      () => app.claimReward(Field(id2), sigsTest2, new HumanIDWitness(tree.getWitness(truncatedId2)))
+      () => app.claimReward(...signHumanIDv1(id2, sender), getWitnessAndInsert(id2))
     )
       .then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send());
@@ -125,35 +92,30 @@ describe('Example Airdrop zkApp', () => {
     await deploy();
     await fundZkApp();
 
-    const sigsTest3 = new Signatures({
-      sig1: Signature.create(privKey1, [Field(123123123123123n), sender.x.add(sender.isOdd.toField())]),
-      sig2: Signature.create(privKey2, [Field(123123123123123n), sender.x.add(sender.isOdd.toField())]),
-      sig3: Signature.create(privKey3, [Field(123123123123123n), sender.x.add(sender.isOdd.toField())])
-    });
-    await expect(() => Mina.transaction(
+    const id = 123123123123123123123123123124n;
+    expect(() => Mina.transaction(
       sender,
-      () => app.claimReward(Field(123123123123123n), sigsTest3, new HumanIDWitness(tree.getWitness(100n)))
+      () => app.claimReward(...signHumanIDv1(id, sender), getWitnessAndInsert(100n))
     )
       .then((txn) => txn.prove())
-      .then((txn) => txn.sign([senderKey]).send())).rejects.toThrow(/does not match the witness/);
+      .then((txn) => txn.sign([senderKey]).send())).rejects.toThrow(/does not match/);
   })
 
   it('should not let double claimReward()', async () => {
     await deploy();
     await fundZkApp();
 
+    const id = 123123123123123123123123123123n;
     await Mina.transaction(
       sender,
-      () => app.claimReward(Field(100), sigs, new HumanIDWitness(tree.getWitness(100n)))
+      () => app.claimReward(...signHumanIDv1(id, sender), getWitnessAndInsert(id))
     )
       .then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send());
 
-    tree.setLeaf(100n, Field(1));
-
-    await expect(() => Mina.transaction(
+    expect(() => Mina.transaction(
       sender,
-      () => app.claimReward(Field(100), sigs, new HumanIDWitness(tree.getWitness(100n)))
+      () => app.claimReward(...signHumanIDv1(id, sender), getWitnessAndInsert(id))
     )
       .then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send())).rejects.toThrow(/already exists/);
@@ -167,7 +129,7 @@ describe('Example Airdrop zkApp', () => {
 
     await Mina.transaction(
       sender,
-      () => app.claimReward(Field(100), sigs, new HumanIDWitness(tree.getWitness(100n)))
+      () => app.claimReward(...signHumanIDv1(100n, sender), getWitnessAndInsert(100n))
     )
       .then((txn) => txn.prove())
       .then((txn) => txn.sign([senderKey]).send());

mina/examples/Airdrop.ts

@@ -15,8 +15,7 @@ import {
 const MINA = 1e9;
 
 /**
- * Example airdrop zkApp, which gives 10 MINA rewards to the first 1000
- * unique humans.
+ * Example airdrop zkApp, which gives 10 MINA rewards to each unique human.
  */
 class Airdrop extends SmartContract {
   @state(Field) treeRoot = State<Field>();
@@ -28,11 +27,13 @@ class Airdrop extends SmartContract {
 
   @method async claimReward(
     humanIDv1: Field,
+    commitmentR: Field,
     sigs: Signatures,
     witness: HumanIDWitness,
   ) {
-    acceptHumanIDv1(humanIDv1, sigs, this.treeRoot, witness, this.sender.getAndRequireSignature());
-    this.send({ to: this.sender.getUnconstrained(), amount: 10 * MINA });
+    const sender = this.sender.getUnconstrained();
+    acceptHumanIDv1(sender, humanIDv1, commitmentR, sigs, this.treeRoot, witness);
+    this.send({ to: sender, amount: 10 * MINA });
   }
 }
 

mina/humanIDv1.test.ts

@@ -0,0 +1,70 @@
+import { Field, Poseidon, PrivateKey, PublicKey, Signature } from "o1js";
+import { Signatures, authenticate, requireConsistent } from "./humanIDv1";
+
+const Nodes = [
+  PrivateKey.fromBigInt(1n),
+  PrivateKey.fromBigInt(2n),
+  PrivateKey.fromBigInt(3n),
+];
+
+const blindingCommit = (sender: PublicKey) => {
+  const commitmentR = Field.random();
+  return [
+    commitmentR,
+    Poseidon.hash([commitmentR, sender.x.add(sender.isOdd.toField())]),
+  ];
+};
+
+const signHumanIDv1 = (
+  humanIDv1Key: bigint,
+  sender: PublicKey
+): [Field, Field, Signatures] => {
+  const humanIDv1 = Field(humanIDv1Key);
+  const [commitmentR, commitment] = blindingCommit(sender);
+  const sigs = new Signatures({
+    sig0: Signature.create(Nodes[0], [humanIDv1, commitment]),
+    sig1: Signature.create(Nodes[1], [humanIDv1, commitment]),
+    sig2: Signature.create(Nodes[2], [humanIDv1, commitment]),
+  });
+  return [humanIDv1, commitmentR, sigs];
+};
+
+const truncateHumanIDv1 = (humanIDv1Key: bigint) => humanIDv1Key & 0xffffffffn;
+
+const badSignHumanIDv1 = (
+  humanIDv1Key: bigint,
+  sender: PublicKey
+): [Field, Field, Signatures] => {
+  const humanIDv1 = Field(humanIDv1Key);
+  const [commitmentR, commitment] = blindingCommit(sender);
+  const sigs = new Signatures({
+    sig0: Signature.create(Nodes[0], [humanIDv1, commitment]),
+    sig1: Signature.create(Nodes[1], [humanIDv1, commitment]),
+    sig2: Signature.create(Nodes[3], [humanIDv1, commitment]),
+  });
+  return [humanIDv1, commitmentR, sigs];
+};
+
+describe("humanIDv1 SDK tests", () => {
+  it("should authenticate geniune humanIDv1s and reject others", () => {
+    const claimant = PrivateKey.fromBigInt(0x1337n).toPublicKey();
+    expect(() =>
+      authenticate(claimant, ...signHumanIDv1(100n, claimant))
+    ).not.toThrow();
+    expect(() =>
+      authenticate(claimant, ...badSignHumanIDv1(200n, claimant))
+    ).toThrow();
+  });
+
+  it("should accept only matching (humanIDv1, witness) pairs", () => {
+    const id1 = 98708374501874509283475982345n;
+    expect(() =>
+      requireConsistent(Field(id1), Field(truncateHumanIDv1(id1)))
+    ).not.toThrow();
+    expect(() =>
+      requireConsistent(Field(id1), Field(truncateHumanIDv1(id1 + 1n)))
+    ).toThrow();
+  });
+});
+
+export { blindingCommit, signHumanIDv1, truncateHumanIDv1 };

mina/humanIDv1.ts

@@ -1,6 +1,7 @@
 import {
   Field,
   MerkleWitness,
+  Poseidon,
   PrivateKey,
   PublicKey,
   Signature,
@@ -9,19 +10,18 @@ import {
 } from "o1js";
 
 class Signatures extends Struct({
+  sig0: Signature,
   sig1: Signature,
   sig2: Signature,
-  sig3: Signature,
-}) {}
+}) { }
 
-const node1PrivKey = PrivateKey.fromBigInt(1n);
-const node1PublicKey = node1PrivKey.toPublicKey();
-const node2PrivKey = PrivateKey.fromBigInt(2n);
-const node2PublicKey = node2PrivKey.toPublicKey();
-const node3PrivKey = PrivateKey.fromBigInt(3n);
-const node3PublicKey = node3PrivKey.toPublicKey();
+const Nodes = [
+  PrivateKey.fromBigInt(1n).toPublicKey(),
+  PrivateKey.fromBigInt(2n).toPublicKey(),
+  PrivateKey.fromBigInt(3n).toPublicKey(),
+];
 
-class HumanIDWitness extends MerkleWitness(33) {}
+class HumanIDWitness extends MerkleWitness(33) { }
 
 const addToMerkleTree = (treeRoot: State<Field>, witness: HumanIDWitness) => {
   const currentTreeRoot = treeRoot.getAndRequireEquals();
@@ -33,13 +33,15 @@ const addToMerkleTree = (treeRoot: State<Field>, witness: HumanIDWitness) => {
 };
 
 const authenticate = (
+  claimant: PublicKey,
   humanIDv1: Field,
+  commitmentR: Field,
   sigs: Signatures,
-  claimant: PublicKey
 ) => {
-    sigs.sig1.verify(node1PublicKey, [humanIDv1, claimant.x.add(claimant.isOdd.toField())]).assertTrue();
-    sigs.sig2.verify(node2PublicKey, [humanIDv1, claimant.x.add(claimant.isOdd.toField())]).assertTrue();
-    sigs.sig3.verify(node3PublicKey, [humanIDv1, claimant.x.add(claimant.isOdd.toField())]).assertTrue();
+  const commitment = Poseidon.hash([commitmentR, claimant.x.add(claimant.isOdd.toField())]);
+  sigs.sig0.verify(Nodes[0], [humanIDv1, commitment]).assertTrue();
+  sigs.sig1.verify(Nodes[1], [humanIDv1, commitment]).assertTrue();
+  sigs.sig2.verify(Nodes[2], [humanIDv1, commitment]).assertTrue();
 };
 
 const EmptyRoot =
@@ -48,34 +50,34 @@ const EmptyRoot =
 const Inverse2Exp32 =
   Field(0x3fffffffc00000000000000000000000224698fbe706601f8fe037d166d2cf14n);
 
-const requireConsistent = (humanIDv1: Field, truncatedHumanIDv1: Field) => {
-  humanIDv1
-    .sub(truncatedHumanIDv1)
-    .mul(Inverse2Exp32)
-    .assertLessThan(
-      (1n << 222n) + 0x224698fc094cf91b992d30edn,
-      "HumanID does not match the witness"
-    );
-};
+const requireConsistent = (humanIDv1: Field, truncatedHumanIDv1: Field) => humanIDv1
+  .sub(truncatedHumanIDv1)
+  .mul(Inverse2Exp32)
+  .assertLessThan(
+    (1n << 222n) + 0x224698fc094cf91b992d30edn,
+    "HumanID does not match the witness"
+  );
 
 const acceptHumanIDv1 = (
+  claimant: PublicKey,
   humanIDv1: Field,
+  commitmentR: Field,
   sigs: Signatures,
   treeRoot: State<Field>,
   witness: HumanIDWitness,
-  claimant: PublicKey
 ) => {
-  authenticate(humanIDv1, sigs, claimant);
+  authenticate(claimant, humanIDv1, commitmentR, sigs);
   requireConsistent(humanIDv1, witness.calculateIndex());
   addToMerkleTree(treeRoot, witness);
 };
 
 export {
   EmptyRoot,
   HumanIDWitness,
+  Nodes,
   Signatures,
   acceptHumanIDv1,
   addToMerkleTree,
   authenticate,
-  requireConsistent,
+  requireConsistent
 };

mina/tsconfig.json

@@ -24,6 +24,7 @@
     "useDefineForClassFields": false,
   },
   "include": [
-    "./examples"
+    "./examples",
+    "./"
   ],
 }